#!/bin/sh
# PCP QA Test No. 823
# Exercise basic SASL functionality using a custom sasldb.
#
# Copyright (c) 2013,2017 Red Hat.
#
# NOTE
#	This test is likely to fail unless hostname(1) returns
#	some sort of FQDN.  For example, when hostname was vm23 it
#	failed, but when hostname was set (via /etc/hostname in
#	this case) to vm23.localdomain the test passes.

seq=`basename $0`
echo "QA output created by $seq"

. ./common.secure

_get_libpcp_config
$authentication || _notrun "No authentication support available"

sasl_notrun_checks saslpasswd2 sasldblistusers2
$pluginviewer -a | grep 'Plugin "sasldb"' >/dev/null
test $? -eq 0 || _notrun "SASL sasldb auxprop plugin unavailable"
$pluginviewer -c | grep 'Plugin "plain"' >/dev/null 2>&1
test $? -eq 0 || _notrun 'No client support for plain authentication'
$pluginviewer -s | grep 'Plugin "plain"' >/dev/null 2>&1
test $? -eq 0 || _notrun 'No server support for plain authentication'

cleanup()
{
    # restore any modified pmcd configuration files
    _restore_config $PCP_SASLCONF_DIR/pmcd.conf

    _service pcp stop 2>&1 | _filter_pcp_stop
    _service pcp start 2>&1 2>&1 | _filter_pcp_start
    _wait_for_pmcd
    _wait_for_pmlogger

    $sudo rm -rf $tmp.*
}

status=1	# failure is the default!
hostname=`hostname`
$sudo rm -rf $tmp.* $seq.full
trap "cleanup; exit \$status" 0 1 2 3 15

_filter_listusers2()
{
    sed \
        -e "s/^$username/USER/" \
        -e "s/@$hostname:/@HOST:/"
}

# real QA test starts here
_save_config $PCP_SASLCONF_DIR/pmcd.conf
echo 'mech_list: plain' >$tmp.sasl
echo "sasldb_path: $tmp.passwd.db" >>$tmp.sasl
$sudo cp $tmp.sasl $PCP_SASLCONF_DIR/pmcd.conf
$sudo chown pcp:pcp $PCP_SASLCONF_DIR/pmcd.conf
ls -l $PCP_SASLCONF_DIR/pmcd.conf >>$seq.full
$sudo -u pcp cat $PCP_SASLCONF_DIR/pmcd.conf >>$seq.full

echo "Creating temporary sasldb, add user running QA to it" | tee -a $seq.full
echo y | saslpasswd2 -p -a pmcd -f $tmp.passwd.db $username

echo "Verify saslpasswd2 has successfully added a new user" | tee -a $seq.full
sasldblistusers2 -f $tmp.passwd.db \
| tee -a $seq.full \
| _filter_listusers2

echo "Ensure pmcd can read the password file" | tee -a $seq.full
$sudo chown pcp:pcp $tmp.passwd.db
ls -l $tmp.passwd.db >>$seq.full
$sudo -u pcp od -c $tmp.passwd.db >>$seq.full

echo "Start pmcd with this shiny new sasldb"
_service pcp restart 2>&1 | tee -a $seq.full >$tmp.out
_wait_for_pmcd
_wait_for_pmlogger

echo "Enabling sample PMDA tracing" | tee -a $seq.full
authdbg=`pmdbg -l -o | grep DBG_TRACE_AUTH | awk '{ print $2 }'`
echo "authdbg=$authdbg" >>$seq.full
echo "username=$username" >>$seq.full
pmstore sample.control "$authdbg"

echo "Verifying SASL authentication for new client (FAIL)" | tee -a $seq.full
pmprobe -v -h "pcp://localhost?username=${username}&password=n" sample.control 2>&1\
| tee -a $tmp.out
grep -q 'user not found' $tmp.out && _notrun "sasldb user-not-found libsasl bug"
cat $PCP_LOG_DIR/pmcd/sample.log >>$seq.full
filter_sample_log_credentials
echo "pmcd.log (from expected FAIL)" >>$seq.full | tee -a $seq.full
cat $PCP_LOG_DIR/pmcd/pmcd.log >>$seq.full

echo "Verifying SASL authentication for new client (PASS)" | tee -a $seq.full
pmprobe -v -h "pcp://localhost?username=${username}&password=y" sample.control
cat $PCP_LOG_DIR/pmcd/sample.log >>$seq.full
filter_sample_log_credentials
echo "pmcd.log (from expected PASS)" >>$seq.full
cat $PCP_LOG_DIR/pmcd/pmcd.log >>$seq.full

# success, all done
status=0
exit
